[yocto] uBoot, kernel and device tree files
Michal Vokáč
michal.vokac at ysoft.com
Thu Aug 9 01:41:17 PDT 2018
Hi Srini,
On 8.8.2018 20:51, Srinivasan, Raja wrote:
> All
>
> We are using rocko.on variscite var-som-mx6.
>
> In order to increase the security of our system (during a system upgrade), we are looking to merge uImage (kernel image) and the device tree file into 1 file. Currently these are 2 different files and are worried that a file copy operation might get aborted.
I understand that what you want to achive by combining the files is
"relyability" and not "security". Those are totaly different things.
> My research so far indicates mkuboot can be used to merge these. but having trouble making this work.
>
> Need some ideas.
>
> Any pointers appreciated. srini
I am aware of at least two options to combine kernel images and device
tree files.
Option 1) Append DTB directly to the kernel image
This is the simplest option. Just use cat to concatenate the files
and enable the CONFIG_ARM_APPENDED_DTB kernel option.
Read the help for the option, it is quite informative.
In this case you do not need to change anything in your boot loader.
Just load and boot the combined image as usual and kernel will do
the rest.
Option 2) Use FIT images
I strongly recommend this option over the first one.
FIT images are something like containers that can contain multiple kernel
images, multiple device tree blobs, multiple initram file systems.
Part of the FIT image then describes what combinations of those files
can be used to boot.
If your concern is not just reliability but also security than FIT images
are also better. You can put hashes/signatures of all the files into the
description of the files and use the hashes in the bootloader to verify
the images (I never used that.)
In this option you need to change your boot command.
Hope this helps,
Michal
More information about the yocto
mailing list